Lucene search

K
cvelistApacheCVELIST:CVE-2024-27348
HistoryApr 22, 2024 - 2:08 p.m.

CVE-2024-27348 Apache HugeGraph-Server: Command execution in gremlin

2024-04-2214:08:06
apache
www.cve.org
15
cve-2024-27348
apache hugegraph-server
command execution
vulnerability
java8
java11
upgrade
auth system
fix

AI Score

6.9

Confidence

Low

EPSS

0.963

Percentile

99.6%

RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11

Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache HugeGraph-Server",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "1.3.0",
        "status": "affected",
        "version": "1.0.0",
        "versionType": "semver"
      }
    ]
  }
]

AI Score

6.9

Confidence

Low

EPSS

0.963

Percentile

99.6%